pez-infra/.github/workflows
Rasmus Wejlgaard a218acac34 ci: extract shared SOPS/tofu steps into composite actions
The SOPS install + version, the decrypt loop, the OpenTofu version, and
the Backblaze backend-credential extraction were copy-pasted across
terraform.yml (twice), validate-terraform.yml, and _deploy-core.yml.
A version bump meant editing the same string in up to four places and
was easy to do partially.

Pull them into three local composite actions so each is defined once:
  - setup-tofu          (pins OpenTofu version)
  - sops-decrypt        (installs SOPS, decrypts *.enc.* in place)
  - tofu-backend-creds  (exports Backblaze S3 creds to GITHUB_ENV)

Behaviour is unchanged; sops-decrypt also matches *.enc.env everywhere
(previously only _deploy-core did), which is a no-op in terraform/.
2026-06-18 20:23:35 +01:00
..
_deploy-core.yml ci: extract shared SOPS/tofu steps into composite actions 2026-06-18 20:23:35 +01:00
deploy-on-merge.yml fix: stop masking failed service deploys; trim dead config (#119) 2026-06-04 18:41:24 +01:00
deploy.yml hotfix: broken pipeline (#109) 2026-05-15 20:19:56 +01:00
lint-ansible.yml chore(deps): bump the github-actions group across 1 directory with 2 updates (#117) 2026-06-05 21:13:03 +01:00
lint-docker-compose.yml fix: update checkout version to dodge deprecation (#77) 2026-04-26 18:13:38 +01:00
terraform.yml ci: extract shared SOPS/tofu steps into composite actions 2026-06-18 20:23:35 +01:00
validate-caddyfile.yml ci: make Caddyfile validation download robust (#134) 2026-06-15 20:38:21 +01:00
validate-terraform.yml ci: extract shared SOPS/tofu steps into composite actions 2026-06-18 20:23:35 +01:00